GithubHelp home page GithubHelp logo

5l1v3r1 / xss-scanner-1 Goto Github PK

View Code? Open in Web Editor NEW

This project forked from mariagarber/xss-scanner

0.0 1.0 0.0 1.85 MB

XSS scanner that detects Cross-Site Scripting vulnerabilities in website by injecting malicious scripts

JavaScript 61.94% CSS 25.94% HTML 12.12%

xss-scanner-1's Introduction

XSS Scanner

Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs.

The scanner gets a link from the user and scan the website for XSS vulnerability by injecting malicious scripts at the input place. The injection happens in headless browser named Chromium and controlled by Puppeteer automation.

It works in two steps:

  1. Find the target: In this first step, the tool tries to identify all the places at the page including injectable parameters in forms, URLs, headers, etc.
  2. Test for XSS: For each place discovered in the previous step, the scanner will try to detect if the parameters are vulnerable to Cross-Site Scripting. The tool injects a piece of JavaScript code, including some special HTML characters (>, <, ", ') and it will try to see if they are returned in the response page without sanitization. If the tool detects at least one vulnerability, it will return that the website have XSS vulnerability.

Technologies

  • Puppeteer
  • Javascript
  • NodeJS
  • Express

How to install

Clone the repository:

git clone https://github.com/MariaGarber/XSS-Scanner.git

Enter the clonned folder:

cd XSS-Scanner

Install the dependencies:

npm install

Run the application:

npm start

Open the browser at http://localhost:4000/

xss-scanner-1's People

Contributors

mariagarber avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.